@juspay/yama 1.1.1 → 1.3.0

package/dist/utils/ConfigManager.d.ts

@@ -23,6 +23,10 @@ export declare class ConfigManager {
      * Load configuration from a specific file
      */
     private loadConfigFile;
+    /**
+     * Apply provider-aware token limits using shared utility
+     */
+    private applyProviderTokenLimits;
     /**
      * Apply environment variable overrides
      */

package/dist/utils/ConfigManager.js

@@ -8,6 +8,7 @@ import yaml from "yaml";
 import { homedir } from "os";
 import { ConfigurationError } from "../types/index.js";
 import { logger } from "./Logger.js";
+import { validateProviderTokenLimit } from "./ProviderLimits.js";
 export class ConfigManager {
     config = null;
     configPaths = [];
@@ -24,7 +25,7 @@ export class ConfigManager {
                 timeout: "10m",
                 retryAttempts: 3,
                 temperature: 0.3,
-                maxTokens: 1000000,
+                maxTokens: 65000,
             },
             git: {
                 platform: "bitbucket",
@@ -143,6 +144,11 @@ export class ConfigManager {
             exportFormat: "json",
             interval: "5m",
         },
+        memoryBank: {
+            enabled: true,
+            path: "memory-bank",
+            fallbackPaths: ["docs/memory-bank", ".memory-bank"],
+        },
     };
     constructor() {
         this.setupConfigPaths();
@@ -205,6 +211,8 @@ export class ConfigManager {
         }
         // Override with environment variables
         config = this.applyEnvironmentOverrides(config);
+        // Apply provider-aware token limits
+        config = this.applyProviderTokenLimits(config);
         // Validate configuration
         this.validateConfig(config);
         this.config = config;
@@ -232,6 +240,18 @@ export class ConfigManager {
             throw new ConfigurationError(`Failed to parse config file ${filePath}: ${error.message}`);
         }
     }
+    /**
+     * Apply provider-aware token limits using shared utility
+     */
+    applyProviderTokenLimits(config) {
+        const provider = config.providers.ai.provider || 'auto';
+        const configuredTokens = config.providers.ai.maxTokens;
+        // Use the shared utility to validate and adjust token limits
+        const validatedTokens = validateProviderTokenLimit(provider, configuredTokens, false // Use standard limits for configuration
+        );
+        config.providers.ai.maxTokens = validatedTokens;
+        return config;
+    }
     /**
      * Apply environment variable overrides
      */

package/dist/utils/MemoryBankManager.d.ts

@@ -0,0 +1,73 @@
+/**
+ * Memory Bank Manager - Handles configurable memory bank operations
+ * Provides abstraction for memory bank file access with fallback support
+ */
+import { MemoryBankConfig, PRIdentifier } from "../types/index.js";
+import { BitbucketProvider } from "../core/providers/BitbucketProvider.js";
+export interface MemoryBankFile {
+    name: string;
+    content: string;
+    path: string;
+}
+export interface MemoryBankResult {
+    files: MemoryBankFile[];
+    resolvedPath: string;
+    filesProcessed: number;
+    fallbackUsed: boolean;
+}
+export declare class MemoryBankManager {
+    private config;
+    private bitbucketProvider;
+    constructor(config: MemoryBankConfig, bitbucketProvider: BitbucketProvider);
+    /**
+     * Get memory bank files from the configured path with fallback support
+     */
+    getMemoryBankFiles(identifier: PRIdentifier, forceRefresh?: boolean): Promise<MemoryBankResult>;
+    /**
+     * Try to get files from a specific path
+     */
+    private tryGetFilesFromPath;
+    /**
+     * Get the effective memory bank path (resolved after fallback logic)
+     */
+    getEffectiveMemoryBankPath(identifier: PRIdentifier): Promise<string | null>;
+    /**
+     * Check if memory bank exists at any configured path
+     */
+    hasMemoryBank(identifier: PRIdentifier): Promise<boolean>;
+    /**
+     * Get memory bank configuration
+     */
+    getConfig(): MemoryBankConfig;
+    /**
+     * Update memory bank configuration
+     */
+    updateConfig(newConfig: Partial<MemoryBankConfig>): void;
+    /**
+     * Validates that a path is safe for use as a relative path
+     * Protects against path traversal attacks including encoded variants
+     */
+    private static isSafeRelativePath;
+    /**
+     * Validate memory bank configuration
+     */
+    private validateConfig;
+    /**
+     * Clear memory bank cache for a specific repository
+     */
+    clearCache(identifier: PRIdentifier): void;
+    /**
+     * Get memory bank statistics
+     */
+    getStats(identifier: PRIdentifier): Promise<{
+        enabled: boolean;
+        primaryPath: string;
+        fallbackPaths: string[];
+        hasMemoryBank: boolean;
+        resolvedPath: string | null;
+        fileCount: number;
+        cacheHits: number;
+    }>;
+}
+export declare function createMemoryBankManager(config: MemoryBankConfig, bitbucketProvider: BitbucketProvider): MemoryBankManager;
+//# sourceMappingURL=MemoryBankManager.d.ts.map

package/dist/utils/MemoryBankManager.js

@@ -0,0 +1,310 @@
+/**
+ * Memory Bank Manager - Handles configurable memory bank operations
+ * Provides abstraction for memory bank file access with fallback support
+ */
+import { ConfigurationError } from "../types/index.js";
+import { logger } from "./Logger.js";
+import { cache, Cache } from "./Cache.js";
+export class MemoryBankManager {
+    config;
+    bitbucketProvider;
+    constructor(config, bitbucketProvider) {
+        this.config = config;
+        this.bitbucketProvider = bitbucketProvider;
+        this.validateConfig();
+    }
+    /**
+     * Get memory bank files from the configured path with fallback support
+     */
+    async getMemoryBankFiles(identifier, forceRefresh = false) {
+        if (!this.config.enabled) {
+            logger.debug("Memory bank is disabled in configuration");
+            return {
+                files: [],
+                resolvedPath: "",
+                filesProcessed: 0,
+                fallbackUsed: false,
+            };
+        }
+        const cacheKey = Cache.keys.memoryBankFiles(identifier.workspace, identifier.repository, identifier.branch || "main", this.config.path);
+        if (!forceRefresh && cache.has(cacheKey)) {
+            logger.debug("Using cached memory bank files");
+            return cache.get(cacheKey);
+        }
+        logger.debug(`Gathering memory bank files from configured paths...`);
+        // Try primary path first
+        const primaryResult = await this.tryGetFilesFromPath(identifier, this.config.path);
+        if (primaryResult.files.length > 0) {
+            const result = {
+                ...primaryResult,
+                resolvedPath: this.config.path,
+                fallbackUsed: false,
+            };
+            // Cache the result
+            cache.set(cacheKey, result, 7200); // 2 hours
+            return result;
+        }
+        // Try fallback paths if primary path failed
+        if (this.config.fallbackPaths && this.config.fallbackPaths.length > 0) {
+            logger.debug(`Primary path '${this.config.path}' not found, trying fallback paths...`);
+            for (const fallbackPath of this.config.fallbackPaths) {
+                logger.debug(`Trying fallback path: ${fallbackPath}`);
+                const fallbackResult = await this.tryGetFilesFromPath(identifier, fallbackPath);
+                if (fallbackResult.files.length > 0) {
+                    logger.info(`Memory bank found at fallback path: ${fallbackPath} (${fallbackResult.files.length} files)`);
+                    const result = {
+                        ...fallbackResult,
+                        resolvedPath: fallbackPath,
+                        fallbackUsed: true,
+                    };
+                    // Cache the result
+                    cache.set(cacheKey, result, 7200); // 2 hours
+                    return result;
+                }
+            }
+        }
+        // No memory bank found anywhere
+        logger.debug(`No memory bank found in primary path '${this.config.path}' or fallback paths`);
+        const emptyResult = {
+            files: [],
+            resolvedPath: "",
+            filesProcessed: 0,
+            fallbackUsed: false,
+        };
+        // Cache empty result for shorter time to allow for quick retry
+        cache.set(cacheKey, emptyResult, 1800); // 30 minutes
+        return emptyResult;
+    }
+    /**
+     * Try to get files from a specific path
+     */
+    async tryGetFilesFromPath(identifier, path) {
+        try {
+            // Get directory listing
+            const directoryFiles = await this.bitbucketProvider.listDirectoryContent(identifier.workspace, identifier.repository, path, identifier.branch || "main");
+            if (!directoryFiles.length) {
+                logger.debug(`No files found in directory: ${path}`);
+                return { files: [], filesProcessed: 0 };
+            }
+            // Filter to only files (not directories)
+            const files = directoryFiles.filter((f) => f.type === "file");
+            logger.debug(`Found ${files.length} files in ${path}`);
+            // Get content of each file
+            const memoryBankFiles = [];
+            for (const file of files) {
+                try {
+                    const content = await this.bitbucketProvider.getFileContent(identifier.workspace, identifier.repository, `${path}/${file.name}`, identifier.branch || "main");
+                    memoryBankFiles.push({
+                        name: file.name,
+                        content,
+                        path: `${path}/${file.name}`,
+                    });
+                    logger.debug(`✓ Loaded content for: ${file.name}`);
+                }
+                catch (error) {
+                    logger.debug(`Could not read file ${file.name}: ${error.message}`);
+                    // Continue with other files even if one fails
+                }
+            }
+            return {
+                files: memoryBankFiles,
+                filesProcessed: memoryBankFiles.length,
+            };
+        }
+        catch (error) {
+            logger.debug(`Failed to access path '${path}': ${error.message}`);
+            return { files: [], filesProcessed: 0 };
+        }
+    }
+    /**
+     * Get the effective memory bank path (resolved after fallback logic)
+     */
+    async getEffectiveMemoryBankPath(identifier) {
+        const result = await this.getMemoryBankFiles(identifier);
+        return result.resolvedPath || null;
+    }
+    /**
+     * Check if memory bank exists at any configured path
+     */
+    async hasMemoryBank(identifier) {
+        const result = await this.getMemoryBankFiles(identifier);
+        return result.files.length > 0;
+    }
+    /**
+     * Get memory bank configuration
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+    /**
+     * Update memory bank configuration
+     */
+    updateConfig(newConfig) {
+        this.config = { ...this.config, ...newConfig };
+        this.validateConfig();
+        logger.debug("Memory bank configuration updated");
+    }
+    /**
+     * Validates that a path is safe for use as a relative path
+     * Protects against path traversal attacks including encoded variants
+     */
+    static isSafeRelativePath(path) {
+        if (!path || typeof path !== "string") {
+            return false;
+        }
+        // Reject empty or whitespace-only paths
+        if (path.trim().length === 0) {
+            return false;
+        }
+        // Reject excessively long paths
+        if (path.length > 1000) {
+            return false;
+        }
+        // Reject absolute paths (Unix-style)
+        if (path.startsWith("/")) {
+            return false;
+        }
+        // Reject absolute paths (Windows-style)
+        if (/^[a-zA-Z]:/.test(path)) {
+            return false;
+        }
+        // Reject UNC paths (Windows network paths)
+        if (path.startsWith("\\\\") || path.startsWith("//")) {
+            return false;
+        }
+        // Decode URL-encoded characters to catch encoded traversal attempts
+        let decodedPath = path;
+        try {
+            // Multiple rounds of decoding to catch double-encoded attacks
+            for (let i = 0; i < 3; i++) {
+                const previousPath = decodedPath;
+                decodedPath = decodeURIComponent(decodedPath);
+                if (decodedPath === previousPath) {
+                    break; // No more decoding needed
+                }
+            }
+        }
+        catch {
+            // If decoding fails, treat as suspicious
+            return false;
+        }
+        // Normalize Unicode characters
+        decodedPath = decodedPath.normalize("NFC");
+        // Check for null bytes (can be used to bypass filters)
+        if (decodedPath.includes("\0") || decodedPath.includes("%00")) {
+            return false;
+        }
+        // Normalize path separators to forward slashes
+        const normalizedPath = decodedPath.replace(/\\/g, "/");
+        // Check for path traversal sequences after normalization
+        if (normalizedPath.includes("../") || normalizedPath.includes("/..")) {
+            return false;
+        }
+        // Check for path traversal at the beginning or end
+        if (normalizedPath.startsWith("..") || normalizedPath.endsWith("..")) {
+            return false;
+        }
+        // Check for hidden traversal patterns
+        if (normalizedPath.includes("./..") || normalizedPath.includes("../.")) {
+            return false;
+        }
+        // Split path into segments and validate each
+        const segments = normalizedPath.split("/").filter(segment => segment.length > 0);
+        for (const segment of segments) {
+            // Reject any segment that is exactly ".."
+            if (segment === "..") {
+                return false;
+            }
+            // Reject segments that contain ".." anywhere
+            if (segment.includes("..")) {
+                return false;
+            }
+            // Allow segments that start with a single dot (like .memory-bank, .config)
+            // but reject multiple dots or suspicious patterns
+            if (segment.startsWith(".") && segment !== ".") {
+                // Allow single dot followed by alphanumeric/dash/underscore
+                if (!/^\.[\w-]+$/.test(segment)) {
+                    return false;
+                }
+            }
+            // Reject segments with control characters
+            // Check for control characters (0x00-0x1F and 0x7F)
+            for (let i = 0; i < segment.length; i++) {
+                const charCode = segment.charCodeAt(i);
+                if ((charCode >= 0 && charCode <= 31) || charCode === 127) {
+                    return false;
+                }
+            }
+        }
+        // Additional check: ensure the resolved path doesn't escape the base
+        // This is a final safety check using path resolution logic
+        const pathParts = segments.filter(part => part !== ".");
+        let depth = 0;
+        for (const part of pathParts) {
+            if (part === "..") {
+                depth--;
+                if (depth < 0) {
+                    return false; // Would escape the base directory
+                }
+            }
+            else {
+                depth++;
+            }
+        }
+        return true;
+    }
+    /**
+     * Validate memory bank configuration
+     */
+    validateConfig() {
+        if (!this.config.path) {
+            throw new ConfigurationError("Memory bank path must be specified when memory bank is enabled");
+        }
+        if (!MemoryBankManager.isSafeRelativePath(this.config.path)) {
+            throw new ConfigurationError(`Memory bank path is unsafe or contains path traversal: ${this.config.path}`);
+        }
+        // Validate fallback paths
+        if (this.config.fallbackPaths) {
+            for (const fallbackPath of this.config.fallbackPaths) {
+                if (!MemoryBankManager.isSafeRelativePath(fallbackPath)) {
+                    throw new ConfigurationError(`Memory bank fallback path is unsafe or contains path traversal: ${fallbackPath}`);
+                }
+            }
+        }
+        logger.debug("Memory bank configuration validated successfully");
+    }
+    /**
+     * Clear memory bank cache for a specific repository
+     */
+    clearCache(identifier) {
+        const patterns = [
+            `memory-bank:${identifier.workspace}:${identifier.repository}:*`,
+            `project-context:${identifier.workspace}:${identifier.repository}:*`,
+        ];
+        patterns.forEach((pattern) => {
+            cache.invalidatePattern(pattern);
+        });
+        logger.debug(`Memory bank cache cleared for ${identifier.workspace}/${identifier.repository}`);
+    }
+    /**
+     * Get memory bank statistics
+     */
+    async getStats(identifier) {
+        const result = await this.getMemoryBankFiles(identifier);
+        const cacheStats = cache.stats();
+        return {
+            enabled: this.config.enabled,
+            primaryPath: this.config.path,
+            fallbackPaths: this.config.fallbackPaths || [],
+            hasMemoryBank: result.files.length > 0,
+            resolvedPath: result.resolvedPath || null,
+            fileCount: result.files.length,
+            cacheHits: cacheStats.hits,
+        };
+    }
+}
+// Export factory function
+export function createMemoryBankManager(config, bitbucketProvider) {
+    return new MemoryBankManager(config, bitbucketProvider);
+}
+//# sourceMappingURL=MemoryBankManager.js.map

package/dist/utils/ProviderLimits.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Provider Token Limits Utility
+ * Centralized management of AI provider token limits and validation
+ */
+/**
+ * AI Provider types supported by the system
+ */
+export type AIProvider = 'vertex' | 'google-ai' | 'gemini' | 'openai' | 'gpt-4' | 'anthropic' | 'claude' | 'azure' | 'bedrock' | 'auto';
+/**
+ * Provider token limits configuration
+ * These limits are conservative values to avoid API errors
+ */
+export declare const PROVIDER_TOKEN_LIMITS: Record<AIProvider, number>;
+/**
+ * Conservative limits used by CodeReviewer for safety
+ * These are slightly lower than the actual limits to provide buffer
+ */
+export declare const CONSERVATIVE_PROVIDER_LIMITS: Record<AIProvider, number>;
+/**
+ * Get the token limit for a specific provider
+ * @param provider - The AI provider name
+ * @param conservative - Whether to use conservative limits (default: false)
+ * @returns The token limit for the provider
+ */
+export declare function getProviderTokenLimit(provider: string, conservative?: boolean): number;
+/**
+ * Validate and adjust token limit for a provider
+ * @param provider - The AI provider name
+ * @param configuredTokens - The configured token limit
+ * @param conservative - Whether to use conservative limits (default: false)
+ * @returns The validated and potentially adjusted token limit
+ */
+export declare function validateProviderTokenLimit(provider: string, configuredTokens: number | undefined, conservative?: boolean): number;
+/**
+ * Get all supported providers
+ * @returns Array of supported provider names
+ */
+export declare function getSupportedProviders(): AIProvider[];
+/**
+ * Check if a provider is supported
+ * @param provider - The provider name to check
+ * @returns True if the provider is supported
+ */
+export declare function isProviderSupported(provider: string): boolean;
+/**
+ * Get provider information including limits and support status
+ * @param provider - The provider name
+ * @param conservative - Whether to use conservative limits
+ * @returns Provider information object
+ */
+export declare function getProviderInfo(provider: string, conservative?: boolean): {
+    provider: string;
+    isSupported: boolean;
+    tokenLimit: number;
+    conservativeLimit: number;
+    standardLimit: number;
+};
+//# sourceMappingURL=ProviderLimits.d.ts.map

package/dist/utils/ProviderLimits.js

@@ -0,0 +1,143 @@
+/**
+ * Provider Token Limits Utility
+ * Centralized management of AI provider token limits and validation
+ */
+import { logger } from "./Logger.js";
+/**
+ * Provider token limits configuration
+ * These limits are conservative values to avoid API errors
+ */
+export const PROVIDER_TOKEN_LIMITS = {
+    // Google/Vertex AI providers
+    'vertex': 65536, // Vertex AI limit is 65537 exclusive = 65536 max
+    'google-ai': 65536, // Google AI Studio limit
+    'gemini': 65536, // Gemini model limit
+    // OpenAI providers
+    'openai': 128000, // OpenAI GPT-4 and newer models
+    'gpt-4': 128000, // GPT-4 specific limit
+    // Anthropic providers
+    'anthropic': 200000, // Claude models limit
+    'claude': 200000, // Claude specific limit
+    // Microsoft Azure
+    'azure': 128000, // Azure OpenAI limit
+    // AWS Bedrock
+    'bedrock': 100000, // AWS Bedrock limit
+    // Auto-selection mode (conservative default)
+    'auto': 60000, // Conservative default for auto-selection
+};
+/**
+ * Conservative limits used by CodeReviewer for safety
+ * These are slightly lower than the actual limits to provide buffer
+ */
+export const CONSERVATIVE_PROVIDER_LIMITS = {
+    'vertex': 65536,
+    'google-ai': 65536,
+    'gemini': 65536,
+    'openai': 120000, // Slightly lower for safety
+    'gpt-4': 120000,
+    'anthropic': 190000, // Slightly lower for safety
+    'claude': 190000,
+    'azure': 120000,
+    'bedrock': 95000, // Significantly lower for safety
+    'auto': 60000,
+};
+/**
+ * Get the token limit for a specific provider
+ * @param provider - The AI provider name
+ * @param conservative - Whether to use conservative limits (default: false)
+ * @returns The token limit for the provider
+ */
+export function getProviderTokenLimit(provider, conservative = false) {
+    // Handle null, undefined, or empty string
+    if (!provider || typeof provider !== 'string') {
+        return conservative ? CONSERVATIVE_PROVIDER_LIMITS.auto : PROVIDER_TOKEN_LIMITS.auto;
+    }
+    const normalizedProvider = provider.toLowerCase();
+    const limits = conservative ? CONSERVATIVE_PROVIDER_LIMITS : PROVIDER_TOKEN_LIMITS;
+    // Handle empty string after normalization
+    if (normalizedProvider === '') {
+        return conservative ? CONSERVATIVE_PROVIDER_LIMITS.auto : PROVIDER_TOKEN_LIMITS.auto;
+    }
+    // Direct match
+    if (normalizedProvider in limits) {
+        return limits[normalizedProvider];
+    }
+    // Partial match - check if provider contains any known provider name
+    for (const [key, limit] of Object.entries(limits)) {
+        if (normalizedProvider.includes(key) || key.includes(normalizedProvider)) {
+            return limit;
+        }
+    }
+    // Default fallback
+    return conservative ? CONSERVATIVE_PROVIDER_LIMITS.auto : PROVIDER_TOKEN_LIMITS.auto;
+}
+/**
+ * Validate and adjust token limit for a provider
+ * @param provider - The AI provider name
+ * @param configuredTokens - The configured token limit
+ * @param conservative - Whether to use conservative limits (default: false)
+ * @returns The validated and potentially adjusted token limit
+ */
+export function validateProviderTokenLimit(provider, configuredTokens, conservative = false) {
+    const providerLimit = getProviderTokenLimit(provider, conservative);
+    if (!configuredTokens || configuredTokens <= 0) {
+        logger.debug(`No configured tokens for ${provider}, using provider default: ${providerLimit}`);
+        return providerLimit;
+    }
+    if (configuredTokens > providerLimit) {
+        logger.warn(`Configured maxTokens (${configuredTokens}) exceeds ${provider} limit (${providerLimit}). Adjusting to ${providerLimit}.`);
+        return providerLimit;
+    }
+    logger.debug(`Token limit validation passed: ${configuredTokens} <= ${providerLimit} for provider ${provider}`);
+    return configuredTokens;
+}
+/**
+ * Get all supported providers
+ * @returns Array of supported provider names
+ */
+export function getSupportedProviders() {
+    return Object.keys(PROVIDER_TOKEN_LIMITS);
+}
+/**
+ * Check if a provider is supported
+ * @param provider - The provider name to check
+ * @returns True if the provider is supported
+ */
+export function isProviderSupported(provider) {
+    // Handle null, undefined, or empty string
+    if (!provider || typeof provider !== 'string') {
+        return false;
+    }
+    const normalizedProvider = provider.toLowerCase();
+    // Handle empty string after normalization
+    if (normalizedProvider === '') {
+        return false;
+    }
+    // Check direct match
+    if (normalizedProvider in PROVIDER_TOKEN_LIMITS) {
+        return true;
+    }
+    // Check partial match
+    for (const key of Object.keys(PROVIDER_TOKEN_LIMITS)) {
+        if (normalizedProvider.includes(key) || key.includes(normalizedProvider)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Get provider information including limits and support status
+ * @param provider - The provider name
+ * @param conservative - Whether to use conservative limits
+ * @returns Provider information object
+ */
+export function getProviderInfo(provider, conservative = false) {
+    return {
+        provider,
+        isSupported: isProviderSupported(provider),
+        tokenLimit: getProviderTokenLimit(provider, conservative),
+        conservativeLimit: getProviderTokenLimit(provider, true),
+        standardLimit: getProviderTokenLimit(provider, false),
+    };
+}
+//# sourceMappingURL=ProviderLimits.js.map